4 Things to Know About GDPR and Why It Matters to HR
by Arnaud Gouachon March 13 2017
In May 2018, the EU will begin enforcing its new data privacy regulation, the General Data Protection Regulation, or GDPR. This regulation will have major implications for any company with employees residing in the European Economic Area, regardless of the employees' citizenships. The GDPR strengthens data protection for employees and carries substantial penalties for non-compliance. With the May 2018 compliance deadline on the horizon, it is important for companies to understand the GDPR's impact on their HR departments' practices.
The requirements under GDPR are expansive and compliance will call for a concentration of time, effort, and resources from HR departments at affected companies. We’ve outlined the top 4 most important things to know about the GDPR and how it could affect your company.
1. All companies with EU-based employees will be affected.
Even if a company is not established in Europe, it must comply with the GDPR if it has employees residing in the European Economic Area. Additionally, third-party vendors that process employee personal data (i.e., processors) under a contract with these companies (controllers) must also comply.
2. The GDPR guides a wide range of data privacy processes.
These extensive requirements will require organizational and procedural changes within the affected companies. The GDPR rules cover data processes ranging from international transfers of employee data and security measures to employees' rights concerning their data and how that data is controlled and processed.
3. The GDPR establishes a large number of new rules.
Because the GDPR introduces a considerable number of new requirements, HR departments will need time and resources to address each compliance area. Some of the biggest changes include new data breach notification obligations, a broader definition of personal data, extended employee rights, and potential personnel changes, such as the appointment of a Data Protection Officer.
4. Non-compliance is costly.
Once the GDPR goes into effect on May 25, 2018, non-compliant companies will face substantial penalties. Fines can be as high as 20,000,000 EUR or 4% of a company's annual global revenue, whichever is higher. In addition, employees will be able to take legal action against, and claim damages from, both employers and their third-party vendors.
Arnaud leads PeopleDoc's global legal and compliance organization, bringing over 10 years of legal experience. Prior to joining PeopleDoc, Arnaud was Vice President and General Counsel for Transdev On Demand, Inc., a subsidiary of Veolia Environnement group, where his focus was on US commercial contracts, corporate law, compliance and employment law. He has two Masters degrees in law from Northwestern University in the US and Paris XII University in France, as well as a Certificate of Business Administration from Instituto de Empresa in Madrid, Spain. He is a member of the New York Bar.